Hi, i’m looking for a VPN that:

  • is easily deployable via a docker-compose
  • has an Android App and it doesn’t drain the battery too much
  • hides as regular HTTPS traffic so it’s not blockable by Firewalls. (I don’t need strong censorship resistance; it just has to work in offices and hotel WiFis.)
  • Bonus: A server like caddy can also accept HTTPS traffic for some regular websites next to the VPN server.

https://github.com/TrustTunnel/TrustTunnel sounds interesting, but the PR for docker compose was closed.

Do you know something else?

  • mlg@lemmy.worldEnglish
    4·
    22 hours ago

    (I don’t need strong censorship resistance; it just has to work in offices and hotel WiFis.

    Wireguard on 443 or OpenVPN + Stunnel on 443

    Wireguard is easier to setup because there’s no OpenVPN app that packages stunnel (afaik), so you have to run 2 apps on your phone to make it work.

    A server like caddy can also accept HTTPS traffic for some regular websites next to the VPN server.

    Wireguard uses UDP, so just run whatever you want on 443 TCP with caddy (unless you want QUIC for some reason?)

    Anything beyond that and you’d be looking at using a proper obfuscation solution like Shadowsocks or obfs4, in which case you should look into Amnezia or Tor bridges.

    • pr3d@eviltoast.orgOPEnglish
      1·
      13 hours ago

      I think I will stick to wireguard on port 443/udp. Hope UDP is open in strict networks. Maybe someone hasn’t heard of HTTP/3.

      Everything else sounds not necessary because I don’t travel to china or similar. stunnel needs termux on android in-between? This adds too many moving parts IMO.

      AmneziaWG will enter wg-easy in v16 and WG Tunnel already supports it. Don’t know how hard it it to configure, but the Jc, Jmin, Jmay, … settings in WG Tunne look confusing.